[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    kdegraphics/kfile-plugins/jpeg
From:       Carsten Pfeiffer <carpdjih () mailbox ! tu-berlin ! de>
Date:       2003-02-13 15:10:37
[Download RAW message or body]

CVS commit by pfeiffer: 

Don't crash on some (well, one at least) weird jpegs, that has an unexpected value on \
                a certain place (causing a uint overflow)
CCMAIL: 54542-close@bugs.kde.org

My first commit with Gideon -- it looks like this qeditor thing has a sane \
auto-indenting mode!


  M +4 -1      exif.cpp   1.4


--- kdegraphics/kfile-plugins/jpeg/exif.cpp  #1.3:1.4
@@ -690,5 +690,8 @@ void ExifData::ProcessExifDir(unsigned c
         if (DIR_ENTRY_ADDR(DirStart, NumDirEntries) + 4 <= OffsetBase+ExifLength){
             Offset = Get32u(DIR_ENTRY_ADDR(DirStart, NumDirEntries));
-            if (Offset){
+            // There is at least one jpeg from an HP camera having an Offset of \
almost MAXUINT. +            // Adding OffsetBase to it produces an overflow, so \
compare with ExifLength here. +            // See \
http://bugs.kde.org/show_bug.cgi?id=54542 +            if (Offset && Offset < \
ExifLength){  SubdirStart = OffsetBase + Offset;
                 if (SubdirStart > OffsetBase+ExifLength){


[prev in list] [next in list] [prev in thread] [next in thread]